Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow customization of /etc/hosts, /etc/resolv.conf, etc. in containers #2267

Closed
jpetazzo opened this issue Oct 17, 2013 · 130 comments · Fixed by #5129
Closed

Allow customization of /etc/hosts, /etc/resolv.conf, etc. in containers #2267

jpetazzo opened this issue Oct 17, 2013 · 130 comments · Fixed by #5129

Comments

@jpetazzo
Copy link
Contributor

(Sorry if this is a duplicate; but I remember that I had a very extensive conversation with @creack a while ago about this topic, and I thought that we had written our conclusions to a GitHub issue; but I cannot find said issue; so it looks like we hadn't, after all.)

Some people need to customize /etc/hosts, /etc/resolv.conf, or even /.dockerinit.
(See for instance #1951 and #2068, as well as this message on docker-user).
#1959 provides a naive implementation, making the bind-mounted files read-write. It works, but changes are lost since those files are regenerated.

The idea discussed with @creack was the following (as far as I can remember):

  • instead of using a AUFS-specific mechanism to inject those files (top-level ro layer) and then a bind-mount on top of that, just inject the files before starting the container, unless those files are present (and non-empty) in the image: in that case, use whatever is in the image;
  • when executing a docker commit or docker diff, check if the files have been changed (i.e. if they are different from what they were when the container was started), and include them only if they were changed (which means that dynamically generated files won't be included if they haven't been changed).

Those files are already listed in graph.go:203, and this comment in image.go:407 might indicate that the device mapper branch already implements part of what's needed.

The main outstanding issue is to decide whether to require a special flag to commit those special files, to avoid unwanted modifications (e.g. "Something changed the hostname or DNS configuration in my container, and all images derived from that container are broken!").

Requiring a special flag for docker commit makes sense (-f, like force?); however, for docker build, it's a bit more complex. Maybe the Dockerfile could include a special directive saying explicitly "this Dockerfile generates an image with a modified resolv.conf", e.g. CUSTOM /etc/resolv.conf /etc/hosts.

/cc @creack @metalivedev @shykes for feedback.

@metalivedev
Copy link
Contributor

I think we need a name for the list of files in graph.go:203 so that we can refer to the list as a whole. I'm going to call them the DockerInitLayer Files until someone tells me different. Its descriptive and greppable in the code.

I agree that a simple flag on a commit is an ok way to override the default behavior (i.e. if the default behavior is to ignore the DockerInitLayer files when committing, then the flag would indicate that the committer wants them preserved, or if the default is to always include them, the the flag would indicate they should be excluded from the image).

But what happens on docker run? Do I get warned that the image contains non-default settings for the DockerInitLayer files in /etc (or other places)? Do I have a way to override them and use the defaults or my own preferences? Can I inspect them before starting the image?

I like how your proposed CUSTOM Dockerfile command explicitly lists the files which would be committed.

Is there a way to unify this with the way we handle data volumes and bind mounts? That is "here are some special files that we want to be (readable | read-writable) within the container and we (do | do not) want to be included in the container's changes when committing to an image or diffing. The data for the file actually lives ( on this mount point for the host | in another container | etc). Initialize the file with ( an empty file | this file | etc)." It seems like a unified approach could be easier to learn and make defaults easier to document and override.

@abilashks
Copy link

@unclejack we can set the dns server names as suggested by you. but it will be better to edit the resolv.conf file because we need to add search option in resolv.conf since we dont use fully qualified domains names for internally used links.

@danielnorberg
Copy link
Contributor

Second that, we also need to be able to configure the resolv.conf search option.

@jrydberg
Copy link
Contributor

Now that 0.7 is out, maybe this can get some priority?

@thijsterlouw
Copy link
Contributor

I also really need to set search option in resolv.conf ; now I am working with internal services that return urls that rely on the correct search settings.

@jacksoncage
Copy link

I would also really like to see this get fixed.

@sundbp
Copy link

sundbp commented Dec 9, 2013

+1

2 similar comments
@Krijger
Copy link

Krijger commented Dec 10, 2013

+1

@tpires
Copy link

tpires commented Dec 10, 2013

+1

@jeffbaier
Copy link

This issue is very important to me right now as well.

@shykes
Copy link
Contributor

shykes commented Dec 11, 2013

Ok I think we're in good shape to fix this now. Every container in 0.7 has a writeable init layer which can be changed before starting, for customizations like this.

On Tue, Dec 10, 2013 at 3:16 PM, Jeff Baier [email protected]
wrote:

This issue is very important to me right now as well.

Reply to this email directly or view it on GitHub:
#2267 (comment)

@shykes
Copy link
Contributor

shykes commented Dec 11, 2013

Tentatively scheduling for 0.8

@paulosuzart
Copy link

+1

@kiorky
Copy link
Contributor

kiorky commented Dec 11, 2013

I would want to configure not only at creation time but at any time of the container living, and i am voting for it to just be a normal writable file in the filesystem as it would already have been for years and not mounted r-o on a special layer :) (related to #2276)

@tiagoboldt
Copy link

+1

@hftechops
Copy link

+1 , agree with kiorky need be able to modify hosts file at any time not just during creation. Not having that is a show stopper for me.

@kiorky
Copy link
Contributor

kiorky commented Dec 12, 2013

I would just explicitly note that i want to be able to edit any file, not only /etc/hosts.

@PierreR
Copy link

PierreR commented Dec 24, 2013

+1

1 similar comment
@skyrocknroll
Copy link

+1

@shykes
Copy link
Contributor

shykes commented Dec 24, 2013

The only bottleneck for this is development time. If somebody wants to contribute it, we can help you. Otherwise, it will be done eventually :)

On Tue, Dec 24, 2013 at 8:51 AM, Yuvaraj [email protected] wrote:

+1

Reply to this email directly or view it on GitHub:
#2267 (comment)

@iambowen
Copy link

hi, I am trying to put several services into different docker containers. And I want them to have property hostname before the service start. But in the dockerfile, I can't write the hostname info into /etc/hosts, can we have this function? Thanks a lot.
+1

@davidvossel
Copy link

+1

@cpuguy83
Copy link
Member

@netroby define "real world" prod environment
I have not once had to manipulate these files.

That said, you can add resolvers using the --dns flag when creating the container.
And if you really must edit them you can do so now from the host. Each container has it's own /etc/hosts and /etc/resolve.conf and they are bind-mounted in from /var/lib/docker/containers/<id>

If you are having some specific problem I'd be happy to discuss a solution on IRC.
There are more ways than one to do anything/everything.

@ghost
Copy link

ghost commented Aug 19, 2014

Ok, i got another problem, how to modify the flags with exists container? I creat the container before, and now i want change some config, such as port bind and dns options.

@cpuguy83
Copy link
Member

@netroby This is not the place to discuss this.
Please use either the mailing list or #docker on freenode.

@jablo
Copy link

jablo commented Oct 21, 2014

Just started on docker, what an amazing thing to have. But I hit this problem even before I have my first non-playaround image up and running.

--dns works fine on docker run

But I need it to be present on docker build, so I can reach internal repositories and whatnot to build my image. Bang, I'm dead because the image seems to be hard coded to using dns 8.8.8.8 during docker build. How to work around that, I wonder...

@PierreR
Copy link

PierreR commented Oct 21, 2014

I have been using dnsmask ever since this issue was created. It works nicely for me.

@gdm85
Copy link
Contributor

gdm85 commented Oct 21, 2014

@jablo @PierreR see also #5779

@addhewarman
Copy link

This is done actually, i am using docker

Docker version 1.4.1

you can add entry into your docker with option --add-host=""

sample
~#$ sudo docker run --add-host="<name_host>:<ip_host>" image_id

~#$ sudo docker run -i -t -p 80:80 --add-host='logserver:127.0.0.1' ubuntu/14.04 /bin/bash

sample with multiple entry

~#$ sudo docker run -i -t -p 80:80 --add-host='javacronserver:127.0.0.1' --add-host='dbserver:127.0.0.1' --add-host='logserver:127.0.0.1' ubuntu/14.04 /bin/bash

@justinwhite
Copy link

Thanks @addhewarman. The --add-hosts flag worked like a charm.

@harsh86
Copy link

harsh86 commented Mar 18, 2015

Thanks @addhewarman. The --add-hosts flag worked like a charm.

@hridyeshpant
Copy link

@addhewarman
i need to append new name server in /etc/resolv.conf in container, could you please help me what is the best way ?
i used --dns-search option but it is overriding the host /etc/resolv.conf default value . i want to append the new entry with the default value?

@addhewarman
Copy link

to be honest what you face is exactly like mine but in my case i am not using container so how i update my resolv.conf is simply using ansible to update my /etc/resolv.conf. and what we're doing is simply wrong and it's not the best way how to do it, if you are always change information in /etc/resolv.conf then you will face what i face when i am creating my 'disaster recovery' implementing chaos monkey state of immutable infra. something in-between your infra will break and stop working.

so here's i recommend you 👍

  1. Upgrade your Docker to 1.5.0 and above
  2. Try this dns docker https://github.com/phensley/docker-dns (credit to phensley)

just note to everyone that using docker, docker is container and you should remember the docker philosophy ( one concern per container ) this will make your life easier using it.

Note: For containers which were created prior to the implementation of the /etc/resolv.conf update feature in Docker 1.5.0: those containers will not receive updates when the host resolv.conf file changes. Only containers created with Docker 1.5.0 and above will utilize this auto-update feature.

@WuYuntaoTheGreat
Copy link

My solution:
--privilege
umount /etc/resolv.conf

@cpuguy83
Copy link
Member

It's customizable for a long time...

@aries1980
Copy link

@cpuguy83 : can you point me to the documentation that describes how?

@cpuguy83
Copy link
Member

@aries1980 you can just write to it like normal or use "--add-host" (or both)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.